Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_Z-DIRzRzCaZ4VlWNg3FF1mulrM.roa
File:                     _Z-DIRzRzCaZ4VlWNg3FF1mulrM.roa (raw, json)
Hash identifier:          O0cbr/sSsghi1sq/TP9Zv05S9T698tWmsbqHbdEXD0k=
Subject key identifier:   FD:9F:83:21:1C:D1:CC:26:99:E1:59:56:36:0D:C5:17:59:AE:96:B3
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019D722EC3F5339368498C4BBCBA30B8B145
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_Z-DIRzRzCaZ4VlWNg3FF1mulrM.roa
Signing time:             Thu 09 Apr 2026 12:19:20 +0000
ROA not before:           Thu 09 Apr 2026 12:19:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150293
IP address blocks:        87.101.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:2e:c3:f5:33:93:68:49:8c:4b:bc:ba:30:b8:b1:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr  9 12:19:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd9f83211cd1cc2699e15956360dc51759ae96b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:47:0d:bd:25:da:b1:c5:63:77:56:f0:b9:af:
                    cc:81:65:33:5c:92:99:80:e8:6e:68:34:1c:2d:e6:
                    c8:e0:ab:f1:36:0f:5d:02:24:8b:c9:7a:37:67:e0:
                    c5:3c:fe:17:26:f0:ed:ae:54:7c:c6:63:22:3c:ef:
                    6c:0a:e3:7b:48:af:ac:b2:11:07:c0:9c:6f:ac:7c:
                    05:9e:01:ac:ca:41:94:cb:f0:0b:68:68:6d:5e:ea:
                    83:ee:d6:45:ce:8b:3d:c7:ec:21:c9:b2:08:2e:ed:
                    e4:b3:d5:23:98:32:58:8a:a8:11:3f:b5:10:fa:20:
                    9a:c5:5b:a4:87:f4:2f:25:69:4c:e3:2b:30:80:2f:
                    a3:49:8c:d8:2a:8d:3d:c7:60:3e:dc:a4:8a:6b:95:
                    86:71:a5:72:a2:10:6b:13:c7:b0:66:73:a2:ae:22:
                    c3:41:a2:9f:36:17:5d:2a:67:9a:56:2f:79:ae:45:
                    fb:61:a4:cc:4f:1f:81:83:97:65:1d:7a:66:0a:e7:
                    95:20:e7:1c:73:3c:18:4e:73:fa:f4:2b:cc:ac:d6:
                    a2:0e:f0:a6:00:5a:7a:5d:8b:c2:9b:5c:b3:a7:c3:
                    99:52:56:fd:0f:cf:e9:86:b8:95:9f:1d:e6:e3:6b:
                    3c:cc:22:e3:07:fc:cd:6a:9b:67:53:12:56:5a:97:
                    3c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:9F:83:21:1C:D1:CC:26:99:E1:59:56:36:0D:C5:17:59:AE:96:B3
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_Z-DIRzRzCaZ4VlWNg3FF1mulrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.101.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:19:cb:16:3a:94:32:c1:c0:ed:7f:26:89:d2:97:c4:c9:d1:
         f2:97:39:04:1d:e3:b1:22:5f:c9:6a:2f:01:74:c4:9a:b4:96:
         ac:27:3a:62:8d:6a:94:49:d5:04:a8:ce:37:c8:37:f0:46:50:
         56:32:6e:c9:ae:ed:a4:3c:a9:60:85:4f:0c:fa:05:85:ca:25:
         eb:ea:62:4f:9d:82:4e:e7:29:6d:8d:35:d5:1e:6a:9c:6b:54:
         0f:4f:5b:a6:09:f1:be:9d:20:e7:c6:5c:9d:86:a0:d1:38:0f:
         44:2e:64:4c:f7:56:e0:7d:a2:5c:4d:8e:06:63:c0:84:74:fa:
         52:76:8b:37:31:93:f4:1e:65:ec:ce:95:8c:6f:b2:60:5f:ce:
         ce:5e:60:4f:ad:ff:c2:3d:77:77:51:8a:63:81:18:b5:82:93:
         0f:7b:44:ae:f3:56:62:6d:4a:bd:4d:94:7d:95:44:ef:6e:aa:
         9c:30:9f:4c:f4:f8:8f:99:1e:28:aa:57:b9:38:0b:ac:0d:ab:
         d8:b0:50:cb:d3:eb:da:a6:ec:42:6a:48:e7:d0:67:e6:3a:23:
         05:bf:48:56:08:38:1e:b3:c0:07:44:f8:b3:07:ff:af:0d:f0:
         3b:2f:27:4f:34:25:df:72:37:a0:64:8b:c0:39:f3:f2:11:54:
         e7:50:61:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1yLsP1M5NoSYxLvLowuLFFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwNDA5MTIxOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDlmODMyMTFjZDFjYzI2OTllMTU5NTYzNjBkYzUxNzU5YWU5NmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUcNvSXascVjd1bwua/MgWUzXJKZ
gOhuaDQcLebI4KvxNg9dAiSLyXo3Z+DFPP4XJvDtrlR8xmMiPO9sCuN7SK+sshEH
wJxvrHwFngGsykGUy/ALaGhtXuqD7tZFzos9x+whybIILu3ks9UjmDJYiqgRP7UQ
+iCaxVukh/QvJWlM4yswgC+jSYzYKo09x2A+3KSKa5WGcaVyohBrE8ewZnOiriLD
QaKfNhddKmeaVi95rkX7YaTMTx+Bg5dlHXpmCueVIOccczwYTnP69CvMrNaiDvCm
AFp6XYvCm1yzp8OZUlb9D8/phriVnx3m42s8zCLjB/zNaptnUxJWWpc8nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2fgyEc0cwmmeFZVjYNxRdZrpazMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvX1otRElSelJ6Q2FaNFZsV05nM0ZGMW11bHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV2UDMA0G
CSqGSIb3DQEBCwUAA4IBAQB8GcsWOpQywcDtfyaJ0pfEydHylzkEHeOxIl/Jai8B
dMSatJasJzpijWqUSdUEqM43yDfwRlBWMm7Jru2kPKlghU8M+gWFyiXr6mJPnYJO
5yltjTXVHmqca1QPT1umCfG+nSDnxlydhqDROA9ELmRM91bgfaJcTY4GY8CEdPpS
dos3MZP0HmXszpWMb7JgX87OXmBPrf/CPXd3UYpjgRi1gpMPe0Su81ZibUq9TZR9
lUTvbqqcMJ9M9PiPmR4oqle5OAusDavYsFDL0+vapuxCakjn0GfmOiMFv0hWCDge
s8AHRPizB/+vDfA7LydPNCXfcjegZIvAOfPyEVTnUGFm
-----END CERTIFICATE-----